堆栈内存溢出
  简体   繁体   English

在AWS S3 IAM策略中指定多个文件夹

[英]Specifying multiple folders in AWS S3 IAM policy

 原文  2018-04-20 13:49:10       json/ amazon-web-services/ amazon-s3/ amazon-iam

问题描述

I guess that my question is pretty straightforward. 我想我的问题很简单。 Let's say that I have following S3 bucket structure. 假设我具有以下S3存储桶结构。 

- root_folder_bucket
  - subfolder1
  - subfolder2
  - subfolder3
  - somefolder

The naive approach to restrict access only, for example, subfolder1, subfolder2, and subfolder3 would be like bellow. 仅限制访问的简单方法,例如子文件夹1,子文件夹2和子文件夹3就像下面这样。 In fact, AWS wouldn't throw an error, but such policy will not work. 实际上,AWS不会抛出错误,但是这样的策略将行不通。 Is there any elegant way to write the Resource policy like bellow or I should stick to the prefixes, conditions, and delimiter? 有没有像下面这样写资源策略的优雅方法,或者我应该坚持使用前缀,条件和分隔符? 

"arn:aws:s3:::root_folder_bucket/[subfolder1, subfolder2]/*",

1 个解决方案

解决方案1
 3  2018-04-20 14:02:00

Instead of defining the subfolders in a single ARN (Which won't work), you can either add multiple statements to the policy life shown below, 除了可以在单个ARN中定义子文件夹(不起作用)之外,您还可以在以下所示的策略寿命中添加多个语句, 

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::root_folder_bucket/subfolder1"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::root_folder_bucket/subfolder2"]
    }
  ]
}

Or add multiple ARNs to the Resource block, 或将多个ARN添加到资源块, 

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::root_folder_bucket/subfolder1",
                   "arn:aws:s3:::root_folder_bucket/subfolder2"]
    }
  ]
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 基于 IAM 用户标签限制 S3 访问(前缀)的 AWS IAM 策略 - AWS IAM Policy To Restrict S3 Access (Prefix) Based On IAM User's Tag 实施标记的 AWS IAM 策略 - AWS IAM Policy to Enforce Tagging AWS IAM 策略中的错误字符串 - Bad String in AWS IAM policy 无效的政策文档:AWS S3 CORS上传错误 - Invalid Policy Document : AWS S3 CORS Upload Error 以 json 漂亮格式检索 aws s3 存储桶策略 - Retrieve aws s3 bucket policy in json pretty format S3策略停止热链接? - S3 policy to stop hotlinking? 以编程方式访问AWS IAM策略JSON文件.Net SDK - Access aws IAM Policy JSON file programmatically .Net SDK 创建单个 IAM 用户以仅访问特定的 S3 存储桶 - Create a single IAM user to access only specific S3 bucket 将 IAM 策略添加到 AWS Secret Manager 以限制 IP 访问的正确语法是什么 - What is the right syntax for an IAM policy to add to AWS Secret Manager to restrict access by IP 如何使用 terraform 动态创建具有可变数量资源块的 AWS IAM 策略文档? - How do you dynamically create an AWS IAM policy document with a variable number of resource blocks using terraform?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM